diff --git a/group_vars/all b/group_vars/all index 4b3526b32f2b3cb9c9ec85d05c16f46ef134ad7a..597cc00a9efb94430c3d1ada69ffa7d30a24d633 100644 --- a/group_vars/all +++ b/group_vars/all @@ -1 +1,7 @@ -# Globale Variablen für alle Server +# Globale Variablen für alle Server + +# IP Adresse des LDAP Servers +# Extern läuft auf dem webserver +ldap_ip_ext: 10.0.20.2 +# int ist noch ungenutzt / später replikation in der Zone +ldap_ip_int: 10.0.20.2 diff --git a/warpsrvint/docker_grafana/templates/ldap.toml b/warpsrvint/docker_grafana/templates/ldap.toml index dad2a61871b7a8d71ad12cb90f51ef5a6af4a8e0..57087195a7fc0120c708905ef31856721a27aa30 100644 --- a/warpsrvint/docker_grafana/templates/ldap.toml +++ b/warpsrvint/docker_grafana/templates/ldap.toml @@ -3,7 +3,7 @@ verbose_logging = false [[servers]] # Ldap server host (specify multiple hosts space separated) -host = "10.0.20.2" +host = "{{ ldap_ip_ext }}" # Default port is 389 or 636 if use_ssl = true port = 389 # Set to true if ldap server supports TLS diff --git a/warpsrvint/docker_warpinfra/templates/config.ini b/warpsrvint/docker_warpinfra/templates/config.ini index 8eaf5ff746f0ca783fe962c7c98205995850d32f..67e6e525a1aceeb3d93a8bb2e767113e27f84795 100644 --- a/warpsrvint/docker_warpinfra/templates/config.ini +++ b/warpsrvint/docker_warpinfra/templates/config.ini @@ -1,6 +1,6 @@ -[common] -# Possible Apps: warpmain, warpauth, warpfood, warpapi, warppay +[common] +# Possible Apps: warpmain, warpauth, warpfood, warpapi, warppay APPS = warpmain, warpauth, warppay INSTANCE_NAME = 'INTERN-PRODUKTIV' @@ -19,14 +19,14 @@ ALLOWED_HOSTS = infra.warpzone API_KEY = '' [mysql] -MYSQL_HOST = mysql -MYSQL_PORT = 3306 +MYSQL_HOST = mysql +MYSQL_PORT = 3306 MYSQL_USER = warpinfra MYSQL_PASS = {{ mysql_user_pw }} MYSQL_NAME = warpinfra [ldap] -LDAP_HOST = 10.0.20.2 +LDAP_HOST = {{ ldap_ip_ext }} LDAP_BIND_DN = cn=admin,dc=warpzone,dc=ms LDAP_PASSWORD = {{ ldap_admin_pass }} 
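Review bot: The Grafana `[[servers]]` block now takes its host from ldap_ip_ext but keeps `port = 389`, and whether `use_ssl` or `start_tls` is enabled is not visible here (the key follows the hunk's last comment line). If it remains at the default, Grafana's bind DN and password go to the LDAP container in clear over the address the group_vars comment labels as external. Since docker_ldap also publishes 636 on that address, `port = 636` with `use_ssl = true` (or `start_tls = true` on 389) plus `root_ca_cert` pointing at the server certificate would be the safer pairing; confirm against the rest of ldap.toml before changing.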
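Review bot: Each `[ldap]` block rendered here binds as `LDAP_BIND_DN = cn=admin,dc=warpzone,dc=ms` with `LDAP_PASSWORD = {{ ldap_admin_pass }}`, so the directory's admin credential ends up in four application configs — this file and the matching hunks in warpsrvint/docker_warpinfratest, webserver/docker_warpinfra and webserver/docker_warpinfratest. The docker_ldap role in this same commit provisions a `readonly` account backed by ldap_readonly_pass; unless warpinfra actually writes to the directory, binding with that DN would keep the admin password out of the app containers. No port or TLS key sits next to `LDAP_HOST`, so the bind presumably goes over plain 389 — hedged, since the application's LDAP client settings are not in view. The `[common]` and MySQL lines change only in trailing whitespace, which adds diff noise to a host-variable commit.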
diff --git a/warpsrvint/docker_warpinfratest/templates/config.ini b/warpsrvint/docker_warpinfratest/templates/config.ini index e18f6b8b963e3cd507fefe84f5d6408386a20ab9..c56d51407897f9570f36128d44d2067c7a8834c2 100644 --- a/warpsrvint/docker_warpinfratest/templates/config.ini +++ b/warpsrvint/docker_warpinfratest/templates/config.ini @@ -1,6 +1,6 @@ -[common] -# Possible Apps: warpmain, warpauth, warpfood, warpapi, warppay +[common] +# Possible Apps: warpmain, warpauth, warpfood, warpapi, warppay APPS = warpmain, warpauth, warppay INSTANCE_NAME = 'INTERN-TEST' @@ -19,14 +19,14 @@ ALLOWED_HOSTS = infra-test.warpzone API_KEY = '' [mysql] -MYSQL_HOST = db -MYSQL_PORT = 3306 +MYSQL_HOST = db +MYSQL_PORT = 3306 MYSQL_USER = warpinfra MYSQL_PASS = {{ mysql_user_pw }} MYSQL_NAME = warpinfra [ldap] -LDAP_HOST = 10.0.20.2 +LDAP_HOST = {{ ldap_ip_ext }} LDAP_BIND_DN = cn=admin,dc=warpzone,dc=ms LDAP_PASSWORD = {{ ldap_admin_pass }} diff --git a/webserver/docker_gitlab/templates/gitlab.rb b/webserver/docker_gitlab/templates/gitlab.rb index 1131f327ef8ef2dc29a3e1e0823a43a5e23842d5..9116ec14904701a2aa54458f1245c04652cc49a4 100644 --- a/webserver/docker_gitlab/templates/gitlab.rb +++ b/webserver/docker_gitlab/templates/gitlab.rb @@ -92,7 +92,7 @@ gitlab_rails['gitlab_default_projects_features_issues'] = false ldap_servers_template = <<-'EOS' main: label: 'LDAP' - host: '10.0.20.2' + host: '{{ ldap_ip_ext }}' port: 389 uid: 'uid' method: 'plain' @@ -108,7 +108,7 @@ ldap_servers_template = <<-'EOS' last_name: 'sn' EOS -# Replace LDAP Server IP fron Environment variable +# Replace LDAP Server IP fron Environment variable # which is set by the Docker Link ldap_servers = ldap_servers_template % ENV['LDAP_PORT_389_TCP_ADDR'] diff --git a/webserver/docker_ldap/tasks/main.yml b/webserver/docker_ldap/tasks/main.yml index d5ad36693c8528ebf62acb1c7cf4219f46234a2c..6c250ac0a17316a7c6aa3c45a31408d92a969a82 100644 --- a/webserver/docker_ldap/tasks/main.yml 
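Review bot: With `host: '{{ ldap_ip_ext }}'` the LDAP address is fixed by Ansible when the template is rendered, yet the comment in the second hunk and `ldap_servers = ldap_servers_template % ENV['LDAP_PORT_389_TCP_ADDR']` still describe a runtime substitution from the Docker link. Unless lines 99–107 between the hunks contain a format specifier, that `%` substitutes nothing and the comment misleads the next reader; either assign the heredoc directly or reword it to `# LDAP host is rendered by Ansible from ldap_ip_ext; the Docker-link ENV substitution below is only needed while the template still contains a format specifier` (which also fixes "fron"). Separately, `method: 'plain'` on `port: 389` sends GitLab's bind password unencrypted to the external address; if the LDAP container's 636 endpoint has a usable certificate, `method: 'simple_tls'` with `port: 636` is the safer choice.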
+++ b/webserver/docker_ldap/tasks/main.yml @@ -1,9 +1,9 @@ --- -# Einige Secrets sind auf dem Server lokal gespeichert und werden von dort gelesen -# Auslesen der Dateien vom Server, zwischengespeicert wird in der Variable gitlab_secrets -# Anschließend müssen die entsprechenden Einträge aus gitlab_secrets extrahiert werden -# Die Daten, die von Slurp gelesen werden sind Base64 codiert -# Zur Sicherheit werden Whitespace-Zeichen entfert, damit z.B. Zeilenumbrüche nicht übernommen werden +# Einige Secrets sind auf dem Server lokal gespeichert und werden von dort gelesen +# Auslesen der Dateien vom Server, zwischengespeicert wird in der Variable gitlab_secrets +# Anschließend müssen die entsprechenden Einträge aus gitlab_secrets extrahiert werden +# Die Daten, die von Slurp gelesen werden sind Base64 codiert +# Zur Sicherheit werden Whitespace-Zeichen entfert, damit z.B. Zeilenumbrüche nicht übernommen werden - name: get secrets from server 1 slurp: src={{ item }} 
@@ -13,27 +13,27 @@ register: ldap_secrets - name: get secrets from server 2 - set_fact: - ldap_admin_pass: "{{ ldap_secrets.results | selectattr('item', 'equalto', '/srv/ldap/secret/ldap_admin_pass') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}" - ldap_readonly_pass: "{{ ldap_secrets.results | selectattr('item', 'equalto', '/srv/ldap/secret/ldap_readonly_pass') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}" + set_fact: + ldap_admin_pass: "{{ ldap_secrets.results | selectattr('item', 'equalto', '/srv/ldap/secret/ldap_admin_pass') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}" + ldap_readonly_pass: "{{ ldap_secrets.results | selectattr('item', 'equalto', '/srv/ldap/secret/ldap_readonly_pass') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}" - name: create folder struct for ldap - file: - path: "/srv/ldap" + file: + path: "/srv/ldap" state: "directory" - name: create folder struct for ldap - file: - path: "/srv/ldap/database" + file: + path: "/srv/ldap/database" state: "directory" - name: create folder struct for ldap - file: - path: "/srv/ldap/config" + file: + path: "/srv/ldap/config" state: "directory" - + - name: start ldap docker - docker_container: + docker_container: name: ldap-service image: osixia/openldap:1.1.6 hostname: ldap-service 
@@ -45,21 +45,21 @@ env: LDAP_ORGANISATION: Warpzone LDAP_DOMAIN: warpzone.ms - LDAP_ADMIN_PASSWORD: "{{ ldap_admin_pass }}" + LDAP_ADMIN_PASSWORD: "{{ ldap_admin_pass }}" LDAP_READONLY_USER: true LDAP_READONLY_USER_USERNAME: readonly LDAP_READONLY_USER_PASSWORD: "{{ ldap_readonly_pass }}" ports: - - 10.0.20.2:389:389 - - 10.0.20.2:636:636 - + - {{ ldap_ip_ext }}:389:389 + - {{ ldap_ip_ext }}:636:636 + - name: start phpldapadmin docker - docker_container: + docker_container: name: phpldapadmin-app image: osixia/phpldapadmin:0.6.11 state: started restart_policy: always - env: + env: PHPLDAPADMIN_LDAP_HOSTS: ldap-host PHPLDAPADMIN_HTTPS: false PHPLDAPADMIN_TRUST_PROXY_SSL: true @@ -67,4 +67,3 @@ - ldap-service:ldap-host ports: - 127.0.0.1:42004:80 - diff --git a/webserver/docker_warpinfra/templates/config.ini b/webserver/docker_warpinfra/templates/config.ini index 90a48621cf339463ba6b47d4f67c7ac21b1e7942..a68e2a3c53c95bf067cbec439c3da630497a6943 100644 --- a/webserver/docker_warpinfra/templates/config.ini +++ b/webserver/docker_warpinfra/templates/config.ini @@ -1,6 +1,6 @@ -[common] -# Possible Apps: warpmain, warpauth, warpfood, warpapi, warppay +[common] +# Possible Apps: warpmain, warpauth, warpfood, warpapi, warppay APPS = warpmain, warpauth, warpfood INSTANCE_NAME = 'EXTERN-PRODUKTIV' @@ -19,14 +19,14 @@ ALLOWED_HOSTS = infra.warpzone.ms API_KEY = {{mattermost_api_key}} [mysql] -MYSQL_HOST = db -MYSQL_PORT = 3306 +MYSQL_HOST = db +MYSQL_PORT = 3306 MYSQL_USER = warpinfra MYSQL_PASS = {{ mysql_user_pw }} MYSQL_NAME = warpinfra [ldap] -LDAP_HOST = 10.0.20.2 +LDAP_HOST = {{ ldap_ip_ext }} LDAP_BIND_DN = cn=admin,dc=warpzone,dc=ms LDAP_PASSWORD = {{ ldap_admin_pass }} diff --git a/webserver/docker_warpinfratest/templates/config.ini b/webserver/docker_warpinfratest/templates/config.ini index dc846db63e66bcc6b40ea5ff4bf6a57ae3a9f75e..9b83d65118a0750370d0c3c4a067f7f755d3a542 100644 --- a/webserver/docker_warpinfratest/templates/config.ini 
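Review bot: The two new ports entries `- {{ ldap_ip_ext }}:389:389` and `- {{ ldap_ip_ext }}:636:636` are unquoted in a task file rather than a Jinja template, so the YAML loader reads the leading `{{` as a flow mapping and the play fails to parse before templating runs; they need to be `- "{{ ldap_ip_ext }}:389:389"` and `- "{{ ldap_ip_ext }}:636:636"`. The same task's env block carries both LDAP passwords (`LDAP_ADMIN_PASSWORD`, `LDAP_READONLY_USER_PASSWORD`), which docker_container echoes in verbose or diff output, so `no_log: true` on this task — and on the slurp/set_fact tasks in the hunk at line 13 that derive them — would keep the secrets out of logs. This "start ldap docker" task begins in the previous hunk. The header comment in the hunk at line 1 still says the slurped files land in gitlab_secrets, while `register: ldap_secrets` and the set_fact use ldap_secrets — a copy-paste remnant worth correcting while the file is touched.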
+++ b/webserver/docker_warpinfratest/templates/config.ini @@ -1,6 +1,6 @@ -[common] -# Possible Apps: warpmain, warpauth, warpfood, warpapi, warppay +[common] +# Possible Apps: warpmain, warpauth, warpfood, warpapi, warppay APPS = warpmain, warpauth, warpfood, warpapi INSTANCE_NAME = 'EXTERN-TEST' @@ -19,14 +19,14 @@ ALLOWED_HOSTS = infra.warpzone.ms API_KEY = {{mattermost_api_key}} [mysql] -MYSQL_HOST = db -MYSQL_PORT = 3306 +MYSQL_HOST = db +MYSQL_PORT = 3306 MYSQL_USER = warpinfra MYSQL_PASS = {{ mysql_user_pw }} MYSQL_NAME = warpinfra [ldap] -LDAP_HOST = 10.0.20.2 +LDAP_HOST = {{ ldap_ip_ext }} LDAP_BIND_DN = cn=admin,dc=warpzone,dc=ms LDAP_PASSWORD = {{ ldap_admin_pass }} diff --git a/webserver/openvpn/templates/warpzone-up.sh b/webserver/openvpn/templates/warpzone-up.sh index bb922e2b94d3bfebe2e62fe45d97445c37acf264..2a0ca20807d71eb6c3e3bf495b26cd20ce25cb53 100644 --- a/webserver/openvpn/templates/warpzone-up.sh +++ b/webserver/openvpn/templates/warpzone-up.sh @@ -2,6 +2,5 @@ # the interface name is passed as first argument ($1) #modprobe ip_tables -#iptables -t nat -I PREROUTING -p tcp -d 10.0.20.2/32 --dport 389 -j DNAT --to-destination 127.0.0.1:389 -#iptables -t nat -I PREROUTING -p tcp -d 10.0.20.2/32 --dport 636 -j DNAT --to-destination 127.0.0.1:636 - +#iptables -t nat -I PREROUTING -p tcp -d {{ ldap_ip_ext }}/32 --dport 389 -j DNAT --to-destination 127.0.0.1:389 +#iptables -t nat -I PREROUTING -p tcp -d {{ ldap_ip_ext }}/32 --dport 636 -j DNAT --to-destination 127.0.0.1:636